The Policy below is effective since August 10, 2022. You can read the previous version of the Privacy Policy here.

PRIVACY POLICY

Effective: August 10, 2022

SCOPE OF THIS POLICY

This Privacy Policy (“Policy”) applies between you and Snovio Inc. (“Snovio”, “Company”, “we”, “us”, “our”), the owner and provider of this website https://snov.io/ (“Site”), web application Snov.io, API methods available by api.snov.io hostname (collectively the “Platform”). This Policy applies to our use of any personal data processed by us in relation to the provision of our services and products and your use of the Platform.

When processing your personal data Snovio can play different roles under the GDPR and other applicable laws and regulations. Depending on the factual circumstances of the processing, we may act as a data controller or data processor under the GDPR and business and service provider under the CCPA respectively.

You can be our visitor, client (collectively “users”), or prospect:

You are a visitor when you merely browse this Site and/or submit your personal data via the Site’s online chat, feedback forms or any other forms;
You are a client or client’s representative (“client”) when you submit your personal data through a registration form on the Site, our social media accounts, email, contact us for assistance, leave us feedback regarding the provision of services, or share your or third-party personal data with us when you use our products and services.
You are a prospect if your personal data related to your business interests or occupation is used in the process of providing services by us to our clients within our Platform.

When you submit your personal data as a client through our Platform, you may be asked to consent to our processing of the personal data you provide as explained in this Policy to enable us to provide you with the information or service requested, if no other legal ground can be used.

INTERPRETATION AND DEFINITIONS

We use the following definitions in this Policy:

“data controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is processed.

“data processor” means the natural or legal person who processes personal data on behalf of the data controller.

“joint controllers” means two or more controllers jointly determining the purposes and means of processing.

“data subject” is a natural person about whom Snovio holds personal data.

“personal data” means any information relating to you and helping identify you (directly or indirectly) such as your name, last name, email, location data, etc.

“processing” means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“services” means sourcing, lead generation and sales automation services provided by the Company via online platform and web application.

TYPES OF PERSONAL DATA WE COLLECT

We collect three basic types of information about you in connection with our services: client data, visitor data, and prospect data, which relate to clients, visitors, and prospects respectively. In particular, we collect:

Client data:

(a) Registration Information. When you create an account on the Platform, we collect the following required information about you: email address, first and last names, and phone number. You must enter the above information yourself to create an account unless we receive such information (except phone number) about you from the Gmail authentication token when you choose to sign up using the ‘Sign In with Google’ button.

(b) Authentication Token Information. When you create an account on the Platform through the ‘Sign In with Google’ button, we collect encrypted Gmail authentication token obtained from Google LLC. We can obtain the following information about you via such a token: first and last names, email address, language settings .

(c) Automatically Collected Information. When you create an account, we collect certain information about you and your device automatically, including, IP Address, referral link, registration date, account balance information, language, and browser type. We may also collect some information about your activity on the Platform, such as the time you purchased a subscription or renewed your plan.

(d) Workplace Information. When you create an account on the Platform, we collect some general information about your workplace and the purpose for using our Platform so that we can develop and optimize our Platform to meet the needs of our customers. Collecting workplace information allows us to know specifically who the processing agent is in order to expedite communication, e.g. in the event we receive a request from a data subject. Such information includes your company name, approximate company size, your occupation and purpose for using our Platform.

(e) Payment Information. If you order services from us, you will need to provide certain personal details, including payment information, so the order can be fulfilled. This information includes your identifier (client and order), email address, IP address, phone number, first and last names, country code, address (city, state, zip code), company name, card type, last 4 digits of the card number, user agent and browser language data, name of payment processor and may be used to prevent fraudulent chargebacks.

In order to obtain payment from you, we will use or direct you to a third-party payment processor who will collect this information from you and process your payment. Please note that a third-party payment processor is responsible for all collection, processing, and storage of your financial information and we do not have direct access to or possession of your payment card information (except the four last digits of the card number) or banking information.

(f) Google User Data: Email address of the integrated Gmail account, the access token, or identifiers for 1) drafts and messages sent via features (such as Remind Me and Send Later) features of Unlimited Email Tracker for Gmail, 2) emails sent via campaigns and/or GBlast, 3) all inbox emails with all text information, attaches and images, received as answer to emails sent via campaigns, 4) synchronization of Google Calendar with Snovio CRM service.

(g) Email Drip Campaigns Data: Information regarding the Email Drip Campaigns services sent by the clients: login and password from the client’s email sender account, email addresses added to drip campaign recipients, settings for the purposes of sending the email drip campaigns, replies to campaign emails, a timeline of these campaign actions, identifiers of sent and received emails, content of emails, information on the email recipient, the tracking status of sent emails for statistics.

(h) Email Warm-Up Campaigns Data: Information regarding clients’ use of the Email Warm-Up services, i.e. how many emails were sent, received, and found in the ‘spam/junk’ section of your warm-up email account during your email warm-up campaign. Email Warm-Up services are not provided for Gmail (Google) accounts. Therefore, Email Warm-Up Campaigns Data cannot include any data obtained from clients’ Gmail (Google) accounts.

(i) Unlimited Email Tracker Data: Information regarding clients’ use of the Unlimited Email Tracker extension, i.e. message ID, subject, sender, and recipient of an email.

(j) Integrations API Information: Clients’ API tokens, which are necessary to integrate your account (giving our Platform access to a third-party platform API) with other third-party services, including CRM, collaboration tools, forms, customer support platforms, such as Calendly, Pipedrive, Zapier.

Visitor data:

(k) Contact Information. We can collect some personal data when you submit your personal information via the Site’s online chat or other forms to contact, provide feedback on our Platform, or join our affiliate program. Such data may include name, email address, phone number, message, and other information you may provide us via available contact options.

(l) Cookies Information. On our Site, we use cookies and other tracking technologies for a variety of purposes: for analytics, marketing activities, remembering your preferences, and other purposes. Such use may involve the transmission of information from us to you and from you to a third party website or us. To learn more regarding our use of cookies please see our Cookie Policy.

Prospect data:

(m) Prospect data. We collect and process third-party personal data (mainly information related to data subject’s business interests or occupation) that has been provided to us by the Client or generated/collected through Snovio’s tools (Email Finder, LI Prospect Finder, Single Email Search, Bulk Email Search, Domain Search, Bulk Domain Search, Company Profile Search) under instructions provided by Client. Such information can include email address and/or first name, last name, corporate email, location (not precise), industry, current and previous position, place of work, links to social media.

(n) CRM Data: We process prospect data and any other personal data provided to us by our Client within the Snovio CRM service, including information used in ‘Deals’ and ‘Tasks’ features of CRM.

We use the personal data we collected and the personal data you provided us with or requested us to collect only for the purposes listed in this Policy. We may share your personal data with third parties solely for the purposes listed herein.

We DO NOT sell your data. We DO NOT use automated decision-making and profiling.

We DO NOT intentionally collect and process the personal data of children or any sensitive personal data. Please, refrain from sharing your or third-party sensitive personal data

GROUNDS FOR PROCESSING

We collect and process your personal data or the personal data you provided us with in accordance with the provisions of the GDPR and other applicable laws.

GDPR provides an exclusive list of lawful bases allowing us to process the personal data. During the personal data processing, we rely only on four of them, namely:

Article 6.1(a): consent

We collect the information you choose to give us, and we process it with your consent. We require the minimum amount of your personal data that is necessary to notify you about our services and products (for example, send you a newsletter or offer).

You may withdraw your consent to the processing of your personal data at any time. Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful.

You may withdraw the consent to the processing of your personal data by sending us an email at help@snov.io, a message via the Site’s online chat form or by contacting us in any other way convenient for you.

Article 6.1(f): legitimate interests

We can process prospect data based on our, your and your potential business partner’s legitimate interests, namely to:

contribute to business cooperation between you and your potential business partners;
create and assist in discovering new business-targeted marketing and sales opportunities for you and your potential business partners;
allow you to expand your database of the potential business partners;
develop the new unique platform that simplifies and facilitates professional interaction between businesses;
allow you to use an online platform for businesses that combines sales, CRM, analytics, marketing and email service functionality;
allow your potential business partners to approach new potential and verified clients or suppliers;
allow your potential business partners to commercialize the use of their publicly posted information related to their professional or business interests/occupation.

You may read more about it in Snovio’s Joint Controllership Agreement.

We use only strictly necessary data that was subject to the legitimate interest assessment procedure.

Article 6.1(b): performance of a contract

When you provide us with the personal data during the registration of the account on the Platform, insert requested payment information to purchase services; this can be deemed as your request to form a contract or to perform a contract between you and us. However, we may ask you to give us clear consent in case of doubt.

Article 6.1(c): legal obligation

We process your personal data to fulfill the applicable legal obligations arising mainly under the GDPR. If you send us the request to fulfill the rights granted by the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.

HOW WE USE YOUR DATA

When acting as a data controller, we use your personal data for the purposes listed in the table below where we also detail the type of personal data processed, legal bases we rely on to do so, third parties with whom we may share your personal data and information as to the source of such data:

Purposes	Type of personal data	Legal grounds	Third parties recipients	Source
Creating an account on the Platform	(a) Registration Information (b) Authentication Token Information (c) Automatically collected Information (d) Workplace Information	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client, Google LLC
Maintenance of the account on the Platform	(a) Registration Information (b) Authentication Token Information	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client, Google LLC
Communication with Clients and visitors (to resolve general queries, concerns, or complaints, any other issues, or to send reports on the services performed)	(a) Registration Information (k) Contact Information	Performance of a contract (Article 6(1)(b)) Your consent (Article 6(1)(a))	AWS, Hotjar, Crisp, Google Workspace, Sendgrid Contractors	Client
Analytics & Developing (for understanding, optimizing, and improving our Platform)	(c) Automatically collected Information (d) Workplace Information (k) Contact Information (l) Cookies Information	Your consent (Article 6(1)(a)) Our legitimate interest (Article 6(1)(f))	Hotjar, Google Analytics, Google Workspace, Amplitude, Prove Source, Contractors	Client
Marketing (to suggest and notify you about the services and products of the Company and conduct other marketing activities)	(a) Registration Information (l) Cookies Information	Your consent (Article 6(1)(a))	CRM Pipedrive, SendPulse, Facebook, Google LLC, Contractors	Client, Facebook
Processing of Payments	(e) Payment Information	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client, 2Checkout, FastSpring
Fraud Prevention (including chargeback fraud)	(a) Registration Information (c) Automatically collected Information (e) Payment Information (i) Unlimited Email Tracker Data	Our legitimate interest (Article 6(1)(f))	AWS, IP Quality Score, Contractors	Client, 2Checkout, FastSpring
Maintenance of Snov.io Affiliate Program	(k) Contact Information (name and email address)	Performance of a contract (Article 6(1)(b))	Contractors	Client, First Promoter
Enabling email sending through the Platform on the client’s behalf, track the replies to messages sent through the Platform and/or GBlast, enable the ‘Remind Me’ and ‘Send Later features’ of Unlimited Email Tracker	(f) Google User Data	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client, Google API
Providing Email Drip Campaigns services to clients	(f) Google User Data (g) Email Drip Campaigns Data	Performance of a contract (Article 6(1)(b))	AWS, SendPulse, Contractors	Client, Google AP
Providing Email Warm-Up Campaigns services to clients	(h) Email Warm-Up Campaigns Data	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client
Providing other services, including including synchronization Google Calendar with Snovio CRM service, to clients and ensure the proper operation of the Platform	(f) Google User Data	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client, Google API (including Google Calendar API)
Enabling clients to integrate their accounts on the Platform with other services	(j) Integrations API Information	Performance of a contract (Article 6(1)(b))	AWS, Contractors	Client, Third-party API (Calendly, Pipedrive, Zapier, etc.)
Maintenance of a database of contact information of potential customers or business partners to assist our Clients in finding prospects according to the set search criteria	(m) Prospect data	Legitimate interests of Company, clients, and such third parties (Article 6(1)(f)).	AWS, Contractors	Clients, Snovio tools and extensions
Complying with the law or legal process	(a) Registration Information (b) Authentication Token Information (c) Automatically collected Information (d) Workplace Information (e) Payment Information (f) Google User Data (g) Email Drip Campaigns Data (h) Email Warm-Up Campaigns Data (i) Unlimited Email Tracker Data (j) Integrations API Information (k) Contact Information (l) Cookies Information (m) Prospect data (n) CRM Data	Legal obligation (Article 6(1)(c)) Our legitimate interest (Article 6(1)(f))	AWS, Hotjar, Google Workspace, Google Analytics, Sendgrid, Crisp, Amplitude, Prove Source, CRM Pipedrive, SendPulse, IP Quality Score, Contractors	Client, Google LLC, Facebook, 2CheckOut, FastSpring, Third-party API, Snovio tools and extensions

We also process certain personal data as a data processor, at the request and pursuant to the instructions given by the respective user of our Platform (data controller in that case). Please note that we can process certain personal data when you use or access our services, tools, and extensions. You can read more in the ‘SNOVIO EXTENSIONS AND INTEGRATIONS’ section of this Policy. We describe several possible situations where we can act as a data processor in the table below:

Purposes	Type of personal data	Legal grounds	Third parties recipients	Source
Providing our Clients with the services and tools for searching personal data of potential customers or business partners	(m) Prospect data	Performance of a contract (Article 6(1)(b)).	AWS,, Contractors	Client, Snovio tools and extensions
Providing our Clients with the services regarding verification of email addresses	(m) Prospect data (only Email addresses)	Performance of a contract (Article 6(1)(b)).	AWS, Contractors	Client
To provide CRM services to clients (operate, group and structure the Prospect data and other information used in the ‘Deals’ and ‘Tasks’ features of CRM)	(n) CRM Data	Performance of a contract (Article 6(1)(b)).	AWS, Contractors	Client

In some situations, we can act as joint controllers with our clients. When we act as a joint controller jointly with you, Joint Controllership Agreement shall be applicable to you. In such a case, we may process the following personal data:

Purposes	Type of personal data	Legal grounds	Third parties recipients	Source
Providing our clients with the services and tools for searching personal data of potential customers or business partners	(m) Prospect data	Legitimate interests of Company, clients, and such third parties (Article 6(1)(f)).	AWS, Contractors	Client, Snovio tools and extensions

GOOGLE USER DATA

IMPORTANT: Snovio's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

We analyze all new emails in your Inbox using automated algorithms and, in the event, they are received as answer to emails sent via campaigns and the single send email option, we will store them (with all text information, attaches, and images) and record the results of the analysis to provide accurate campaign functioning, campaign statistics, demonstrate the content of the emails to the user (to which Snovio does not have access), and ensure operability of the Remind Me feature in case the sent email receives no reply.

We do not access your Sent emails through your Gmail account. We use access to draft sending in your Gmail account to ensure the operability of the Send Later feature.

We may add a tracking pixel to the body of emails sent through our service to track email opens and wrap your links with a tracking domain to track link clicks. We use the data acquired through these tracking methods to maintain email campaign operability and provide campaign reports.

You may revoke Snovio’s access to your Gmail account in the Account’s settings page here. If you decide to do so, we will lose access to your Gmail account and will no longer be able to provide you campaign sending services through Gmail API.

We delete all data collected from your Gmail account upon request.

Not all Google User Data may contain personal data. Some statistical data will be anonymized.

With regard to the access to Google User Data as specified above, we will:

only use access to read, write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets;
not use this Gmail data for serving advertisements;
not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the Platform's internal operations and even then only when the data have been aggregated and anonymized.

SNOVIO EXTENSIONS AND INTEGRATIONS

You may use our extensions, namely Email Finder, Li Prospect Finder, Unlimited Email Tracker, Email Verifier, and Web Technology Checker to facilitate your email campaigns to your potential business partners.

Email Finder and LI Prospect Finder

To use the extensions, you need to be registered at and logged into app.snov.io. Upon your request, the extension may collect personal information such as email addresses and business profiles from publicly available sources. Handling and storing of this information occurs only at your request. This data is stored in our database and could be found through a search inside the Platform.

If you do not want your personal data to be included as part of our service, you may opt-out by contacting us at help@snov.io or opt-out from all mailing lists on the Platform through this form. You can read more in the ‘HOW TO DELETE MY DATA’ section of this Policy.

Unlimited Email Tracker

The extension may require authorization in our web application (app.snov.io). Additionally, to use the Send Later and Remind Me features you must allow Snovio to access your Google account. You can learn more about how Snovio uses your Google data in the ‘GOOGLE USER DATA’ section of this Policy.

You can send emails through your usual Gmail interface and Unlimited Email Tracker extension will provide tracking information. We’ll let you know if we think your emails have been opened and how many times. We store the subject and message ID of emails for the open notifications only. We use them for tracking, as well as to enable the ‘Send Later’ and ‘Remind Me’ features. We store message ID, subject, sender, and recipient of an email for fraud prevention purposes within the period specified in ‘DATA SECURITY, INTEGRITY, AND RETENTION’ section of this Policy.

Email Verifier

To use the extension, you need to be registered at and logged into app.snov.io. The extension may collect email addresses from the websites you visit. We store the data only upon your request, and only if you click the "Save" button.

Website Technology Checker

To use the extension, you don't need to be registered at or logged into app.snov.io. This extension collects the information about websites using specific web technologies (non-personal data). We only store domains from visited websites to help us provide a better user experience.

Depending on your device and OS version, we have to request you to approve certain permissions for collection and processing of your personal data to enable the operation of the Email Finder, Li Prospect Finder, Unlimited Email Tracker, Email Verifier and Web Technology Checker extensions. Below is a list of such permissions and information explaining why our extensions ask for them:

Type of permissions required by the extensions and purposes of their collection/processing	Legal grounds	Third Parties recipients	Extension
"tabs" is using the chrome.tabs API (getting bookmark links, creating new tabs with our link, reloading open pages of app.snov.io); "http: // * /", - access to all sites to get page content (alternative to all_urls); "https: // * /", - access to all sites to get page content (alternative to all_urls); "cookies", - session recovery via cookies from app.snov.io; "notifications", - to show push notifications (completion of background tasks); "webRequest", - for automated information collected from web pages without direct opening of the pages by the user; "contextMenus" - to create a new item 'Background tasks' in the context menu of the extension.	Your consent (Article 6(1)(a));	AWS, MongoDB	Email Finder
": //.snov.io/", - access to our pages and API; "https://mail.google.com/", - access to Gmail pages; "tabs" - for using the chrome.tabs API (getting bookmark links, creating new tabs with our link, reloading open Gmail pages); "cookies", - session recovery via cookies from app.snov.io; "storage", - we store the activation settings of the tracker in the synchronized storage (if it's activated on one computer, then the settings are synchronized on others via Google account); "notifications" - push notifications "gcm" - to transfer data from the server to the client, needed to show push notifications; "scripting" - is used to execute the script in the tab; "alarms" - this allows the user to set a timer for sending the email or to send it later automatically at a time specified by the user.	Your consent (Article 6(1)(a));	AWS, MongoDB	Unlimited Email Tracker
"tabs", - for using chrome.tabs API (getting bookmark links, creating new tabs with our link); "http: // * /", "https://*/" - access to all sites to receive page content, for email search on pages (alternative to all_urls); "cookies", - session recovery via cookies from app.snov.io; "storage", - storage of found emails lists; "unlimitedStorage", removes the limit on the number of emails stored in the Сhrome storage; "notifications" - push notifications after the email verification is completed.	Your consent (Article 6(1)(a));	AWS, MongoDB	Email Verifier
"storage", - for storing settings and found technologies; "tabs", - for using chrome.tabs API; "webRequest", - to access the chrome.webRequest API functions for reading of the HTTP headers to identify the technologies used; "http: // * / ", - access to all sites to get page content; "https:///*", - access to all sites to get page content; "cookies" - session recovery via cookies from app.snov.io, as well as to determine the technologies used.	Your consent (Article 6(1)(a));	AWS, MongoDB	Website Technology Checker

DATA SECURITY, INTEGRITY, AND RETENTION

We store and process your personal data until we do not need it for any of the purposes defined in this Policy unless longer storage is required or expressly permitted by law.

We store Registration Information for the entire period when you use our services and for 1 month after the termination of your account on the Platform.

We store Payment Information you have provided us with for the entire period when clients use our services subject to partial deletion and partial anonymization thereafter.

We store Cookie Information for the period specified in our Cookie Policy.

We store Prospect Information provided to us by you for the entire period when you use our services and 3 months after the deletion of your account on the Platform. In any case, such information can be deleted if we obtain a deletion request from a prospect.

We store CRM Data, including personal data contained in the deals and tasks, for 90 days either after the deletion of the specific deal or task where such data has been processed or after the deletion of your account on the platform.

We store Authentication Token Information, Google User Data, Email Drip Campaigns Data, Integrations API Information for the period established by a third party who provided us with such information.

We store Unlimited Email Tracker Data for 60 days after the relevant email was delivered.

We may not delete or anonymize your data if we are compelled to keep it to comply with the law or legal process.

Notwithstanding any of the aforementioned periods of data storage, you may request to delete your personal data by sending us an email at help@snov.io or contacting us in another way convenient for you.

We have implemented appropriate organizational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorized access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.

SHARING YOUR DATA WITH OTHER ENTITIES

We may share your personal data as a data controller to joint controllers, other controllers, and data processors in accordance with provisions specified hereafter.

Sharing personal data with joint controllers (other controllers)

We act as the joint controller while cooperating with Facebook. With respect to this case of personal data processing, we are the party to the Facebook Joint Controllership Addendum. Namely, Facebook and we act as joint controllers with regard to:

marketing and statistical data collected by Facebook and shared with us via Facebook pixel; and
emails of the clients we provide Facebook with to customize the advertising of our services.

Likewise, we act as joint controllers during the provision of our services to the clients. You may read more about it in Snovio’s Joint Controllership Agreement.

When we act as a joint controller for particular processing of personal data, a data subject may exercise his/her rights under the GDPR in respect of and against both joint controllers.

Google LLC and we act as independent controllers of personal data across Google LLC’s digital marketing services such as Google DoubleClick Digital Marketing and Google AdWords. To learn more, please visit our Cookie Policy.

Sharing personal data with data processors

There are many features necessary to provide you with our services that we cannot complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services. We have established supplier assessment procedures to ensure we choose trusted partners who provide appropriate security measures and safeguards.

Therefore, we may share and disclose your personal data to other data processors:

Hotjar (Hotjar Ltd, Malta): to explore the user’s experience while using the Platform. You may read Hotjar’s Privacy Policy here;
CRM Pipedrive (Pipedrive OÜ, Republic of Estonia): to notify our clients about the services and products of the Company and use its communication tools for sales. You may read Pipedrive’s Privacy Policy here;
Amazon Web Services, AWS (Amazon.com, Inc., USA): to provide secure transfer and storage of personal data on the servers. You may read AWS Privacy Policy here;
MongoDB (MongoDB, Inc., USA): to provide secure transfer and storage of personal data on the servers. You may read MongoDB Privacy Policy here;
Google Analytics (Google LLC, USA): to analyse statistical data on how the visitor uses the Site in order to improve our Site’s functionality. You may read its Privacy Policy here;
Google Workspace (Google LLC, USA): to use Google services such as Gmail, Chat, Meet, Calendar, Drive, Docs, Sheets, Slides, Forms for collecting, storing, structuring and using your personal data. You may read its Privacy Policy here;
SendPulse (SendPulse Inc., USA): to facilitate mail campaigns to the clients and monitor the status of such sent messages. You may read SendPulse’s Privacy Policy here;
SendGrid (Twilio Inc., USA): to facilitate mail campaigns initiated by our clients to third parties and provide our clients with the statistical data regarding such campaigns. You may read SendGrid’s Privacy Policy here;
Crisp (Crisp IM SARL, France): to ensure the proper communication with you in case you will need any help, assistance, explanations etc. You may read Crisp’s Privacy Statement here;
IP Quality Score (IPQualityScore, LLC, USA): to prevent any fraudulent actions and predict the probability of refunds and chargebacks from the clients’ side. You may read IPQualityScore’s Privacy Statement here;
FastSpring (Bright Market, LLC, UK, USA and the Netherlands): to process payments from the clients and enable clients to purchase the subscription for the Company’s services;
2Checkout (Avangate B.V., the Netherlands and Avangate Inc., USA): to process payments from the clients and enable clients to purchase the subscription for the Company’s services;
First Promoter (Igil Webs SRL, Romania): to create and maintain our affiliate, referral and influencer programs. You may read First Promoter’s Privacy Policy here;
Zebra (Zmatic LTD, Bulgaria): to enable Zebra to provide its services on the Snovio platform;
Amplitude (Amplitude, Inc., USA): to track the digital performance of our services and products by analysing clients’ behaviour to adapt and optimize the Platform for our clients’ needs;
Prove Source (Configo Ltd., Israel): to collect information on user preferences and interaction with content on the Platform.
We may disclose some of your personal data to our outsource technical specialists in order to improve our Platform and your experience as well as deliver the functionality of the Platform. We may disclose your data to sales and marketing specialists to provide you with better client service, communicate with you at your request, send you newsletters and increase the sales. Also, we may disclose some of your personal data to our outsource legal professionals to make our business accurate and transparent. The abovementioned specialists are collectively referred to as Contractors.

We may transfer your personal data to countries outside the EU and EEA (Ukraine, China, Brazil and the USA) that are not determined to offer an adequate level of data protection on the basis of Article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.

We only transfer your personal data to third parties within requirements under the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously. Where the Contractor has an appropriate data processing agreement in place, Snovio may adjoin such a data processing agreement. If so, Snovio and the Contractor may regulate the transfer of the personal data to such Contractor by means of this data processing agreement.

Snovio had adjoined the publicly available data processing agreements of the following Contractors:

Contractor	Data Processing Agreement
Google (Google Analytics and Google Workspace)	https://support.google.com/analytics/answer/3379636?hl=en; https://support.google.com/tagmanager/answer/7207086?hl=en.
Hotjar	https://hotjar.eu1.echosign.com/public/esignWidget?wid=CBFCIBAA3AAABLblqZhB24Pf0StieMUYoPhZjLSQREW72TWQoLK6pAinYy2zbB8uczxUqeZDdERVruVZ_y6c*
CRM Pipedrive	https://www-cms.pipedriveassets.com/documents/2021-02-16-Pipedrive-DPA-Signed.pdf
Hetzner	available in the personal account; manual for signing - https://www.hetzner.com/news/vertrag-zur-auftragsverarbeitung-gemaess-art-28-ds-gvo-steht-ab-sofort-online-zur-verfuegung-eintrag/
Amazon Web Services	https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
MongoDB	https://www.mongodb.com/legal/dpa
SendPulse	https://sendpulse.com/legal/processing
Send Grid	https://sendgrid.com/terms-of-service-2017/
Crisp	available in the personal account; manual for signing - https://help.crisp.chat/en/article/how-to-sign-my-gdpr-data-processing-agreement-dpa-1wfmngo/
IP Quality Score	https://www.ipqualityscore.com/data-processing-agreement
First Promoter	available at request; information on personal data processing - https://firstpromoter.com/gdpr
Amplitude	can be available at request; information on Amplitude’s data processing practices and commitments - https://amplitude.com/amplitude-security-and-privacy
Prove Source	https://drive.google.com/file/d/1RdmThRiR05G4pO_9pYI2FNTPG_Xmlyhu/view

Zebra Service

On our Site, we may offer you access to and/or use the Zebra service provided by Zmatic LTD (Bulgaria). When you request Zmatic LTD to collect the personal data of third parties as a part of the Zebra service, you can be considered as a data controller and Zmatic LTD as a data processor under the GDPR. We recommend that you carefully read Zmatic LTD’s Privacy Policy to enhance your own compliance scheme and, if necessary, enter into a data processing agreement of some kind prior to instructing Zmatic LTD to process any personal data or disclosing the details of your account on Snovio’s platform.

However, be aware: when you fill out the “Get a demo” request, your personal data is collected by Zmatic LTD as a data controller. We only obtain your personal data from Zmatic LTD to issue an invoice and send it to you. During this processing operation, Snovio acts as a data processor and doesn’t use these data points for any other purposes.

In the event that third parties contact Snovio with regard to the deletion of its personal data or the exercise of other data subject rights under the GDPR, in any case, Snovio will use all reasonable efforts to forward requests concerning your data processing activities to you as a data controller to obtain the instruction as to the request.

INTERNATIONAL DATA TRANSFERS

For transfers to countries that do not fall under the requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to the third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to other third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.

We disclose your personal data to the countries outside the EU and the EEA, in compliance with our internal International Transfer Procedure in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons.

We put supplementary technical and organizational measures in place when transferring data outside the EU and the EEA. e.g. prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.

EU data protection representative pursuant to Article 27 GDPR:

Mr. Ákos Süle, LL.M. attorney at law Süle Law Firm

Postal address: Rungestr. 25, 10179 Berlin, Germany Dedicated email: snovio@sulelaw.com

The EU data protection representative has been mandated by Snovio Inc as a data controller to be addressed in addition to or instead of Snovio Inc by supervisory authorities and data subjects, on all issues related to data processing, for the purposes of ensuring compliance with the GDPR.

CHILDREN’S PRIVACY

We undertake the best possible efforts to secure the processing of personal data belonging to the underage. Therefore, the Platform does not knowingly collect personal data from persons under the age of 13.

By registering on the Platform and entering into the contract with the Company, you acknowledge that you have reached the age of 13 and under the laws of your country of residence you have all rights to provide us with your personal data for processing.

If you have any reason to believe that a child under the age of 13 has provided his/her personal data to us, please contact us at help@snov.io.

RIGHTS UNDER GDPR

We kindly invite you to share your concerns with us in the first place regarding any issue related to your personal data processing. You may use the following channels to address your inquiries: help@snov.io.

When we act as a joint controller with regard to particular processing of prospect data, you may exercise your rights under the GDPR in respect of and against both our clients and us.

If we receive any complaint, claim or request from the data subject which shall be completed by our joint controller, we immediately notify it of such request and inform the data subject of the applied measures and further performance steps regarding serving such complaint/claim/request.

Please, note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

Your rights under the GDPR:

right of access means that you may ask us to send you the copy of your personal data collected together with information regarding the nature, processing and disclosure of that personal data;
right to rectification means that you may ask us to update and correct the false data, missing or incomplete personal data.
right to erasure (to be “forgotten”) means that you may ask us to delete your personal data collected, except insofar it is prohibited by appropriate laws.
right to restriction of processing means that you may ask us to restrict processing where:
1. your personal data is not correct or outdated;
2. the processing is unlawful.
right to object to the processing means that you may raise objections on grounds relating to your particular situation;
right to data portability means that you may ask us to transfer a copy of your personal data to another organisation or to you;
right to withdraw the consent when your personal data processed on a basis of your consent (see section Grounds for processing);
right to lodge a complaint with the supervisory authority pertaining to the processing of your personal data.

Supervisory Authority under GDPR:

In case of any questions regarding data protection, you can apply to the supervisory authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find the full list of EU supervisory authorities through the link.

CALIFORNIA RESIDENTS’ RIGHTS

Under the California Consumer Privacy Act (the “CCPA”), California residents have certain rights regarding our collection, use, and sharing of their personal information.

We may collect various categories of personal information when you use and/or access our Platform, including personal information of clients, visitors and third-party prospects.

In particular, depending on actual circumstances, we may collect the following categories of personal information specified in the CCPA when you use and/or access our Platform:

Category A – Identifiers;
Category B – Personal information categories listed in the Cal. Civ. Code § 1798.80(e);
Category D - Commercial information;
Category F – Internet or other similar network activity;
Category G – Geolocation data;
Category I – Professional or employment-related information;
Category L – Sensitive personal information, namely, the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.

You can find a detailed description of the personal information that we may collect from you above in the ‘TYPE OF DATA WE COLLECT’ section of this Policy. Note that in the ‘SHARING YOUR DATA WITH OTHER ENTITIES’ section of this Policy you can review the categories of third parties with whom we may share your personal information. The terms used within those sections of this Policy are taken from the GDPR in consideration of the definitions established in the CCPA.

If you are a California resident, to the extent provided for by the CCPA and subject to applicable exceptions, you have the following rights in relation to the personal information we have about you:

Right to obtain information. You can request information about what personal information has been collected about you and how we have used that personal information during the preceding 12 months.
Right of access. You can request a copy of the personal information that we have collected about you during the preceding 12 months.
Right to deletion. You can request us to delete the personal information that we have collected from you unless it is necessary for us to maintain your personal information in certain cases under the CCPA, such as protection against malicious, deceptive, fraudulent, or illegal activity.
Right to be free from discrimination relating to the exercise of any of your privacy rights.

We take the protection of your privacy seriously, so in no way will we discriminate against you for exercising any of your rights granted by the CCPA.

You can exercise your rights under the CCPA by sending us an email by any other means of communication convenient for you, including those listed in the ‘CONTACT INFORMATION’ section of this Policy.

Please, note that we may need to confirm your identity to process your requests to exercise your rights under the CCPA. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

BRAZILIAN RESIDENTS’ RIGHTS

This section will help you understand your rights under the LGPD and the way how we ensure them. If you are a user located in Brazil, you are able to exercise the following rights with respect to your personal data that we process:

right to confirmation of the existence of the processing; right to access the data;
right to correct incomplete, inaccurate or out-of-date data;
right to anonymize, block, or delete unnecessary or excessive data or data processed in noncompliance with the provisions of the LGPD;
right to the portability of data to another service or product provider, by means of an express request;
right to delete personal data processed with the consent of the data subject;
right to obtain the information about the possibility of not giving consent and about the consequences of the refusal;
right to obtain the information about public and private entities with which the controller has shared data;
right to revoke consent.

Please note! We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm the personal data relates to you. We will only use such personal data to verify your identity

You may exercise the aforementioned rights by submitting your request at help@snov.io or in any other way convenient for you.

HOW TO DELETE YOUR DATA

We kindly ask you to contact us directly so that we can quickly satisfy your deletion request or you can use a dedicated tool to delete your personal data from our Platform by yourself as described below.

You may request Company to delete all of your personal data using the following options of your choice:

by sending a request to Snovio via email help@snov.io or through any other available means of communication;
by using Snovio’s Clear email feature, which works as follows: upon receipt of the signal that a person used the dedicated form, the Company will delete the personal information it holds as a data controller and pass through such request for deletion to current and future data controllers (our clients in this case) if any.

In any case, please let us know if you have any difficulties in deleting your personal data. We will be happy to help you.

CHANGES TO THIS POLICY

This Policy may be changed from time to time due to the implementation of new technologies, laws’ requirements or for other purposes. We will send notice to you if these changes are dramatic and where required by applicable laws, we will obtain your consent. Also, we encourage you to regularly review this Policy to check for any changes.

Such notification may be provided via your email address, posted in our social media accounts or announcement on the Site and/or by other means, consistent with applicable law.

If possible, we always give advance notice of upcoming changes by indicating when the new version Privacy Policy will take effect. If you continue to use our service or otherwise provide us with your personal information after the new version of the Privacy Policy goes into effect, we assume that you agree to the changes.

CONTACT INFORMATION

If you have a question related to this Privacy Policy, our processing activities, or your data subject rights under GDPR, CCPA, LGPD, and other applicable laws, you can contact our Data Protection Officer directly using the following details:

External Data Protection Officer
Legal IT Group LLC
Office 1, 38 Volodymyrska Str.
01030 Kyiv, Ukraine
Email: snovio_dpo@snov.io.

You may also contact us directly, including by post, using the following details:

Our address: 220 East 23rd Street, 4th Floor, Office 401, New York 10010, USA
Our email: help@snov.io
Phone number: (+1) 347 705 0819.